Jaan Jänesmäe wrote:
> On Thu, Mar 6, 2008 at 7:43 PM, Grant Sewell <dcglug@xxxxxxxxxxxx> wrote:
>> All this talk of spam... what is it? I seem to get about 4 spam emails per
>> day. I don't run any filtering of my own; I specifically turned off
>> filtering at Eclipse's end; my email address is pretty visible, etc, etc.
>> How am I not getting spam?

I'm guessing that switching off spam filtering doesn't stop the Cisco IronPort reputation filtering, and similar checks. Anyone know for sure - Alex?

Regulars here know that I do almost entirely reputation based filtering at work, along with other checks that unknown servers behave like email servers; you can stop the vast bulk of spam without any content based filtering.

Most ISPs do at least moderate amounts of reputation based filtering simply to keep hardware costs down. If you treated every incoming SMTP connection equally you'd need about a hundred to thousand times the amount of hardware to handle the same volume of email.

Content based filtering is very tricky to do well at an ISP level because you need to know what customers' genuine emails look like, and learn on a per customer basis. Otherwise you just end up flagging a load of genuine email. As Neil will tell you, my attempts to throw away emails marked as spam before they were sent to us have a non-trivial false positive rate.

> my spam folder has about 1600 mails currently, interested?

Not really ;)

I have a domain which never received genuine email (but did send email in the past), and hasn't been used by humans for at least 5 years, which I use as a spam test domain, since I can safely assume all email to it is spam.

Yesterday I saw ~9000 log entries referring to attempts to deliver spam to that domain; we refused all but 46 on the basis of reputation.

95% failed block lists
0.5% failed HELO checks
0.5% failed because the sender's purported domain didn't exist
0.5% misc checks

The remaining 3% of the total were stopped by Greylisting, although there is a small amount of double counting where stuff is affected by greylisting.

There are probably more attempts that never make it as far as causing a log entry that mentions the domain they are sending to - but I can't separate them for the domain in question, so I can't be sure if we classified those as spam correctly or not.

Back of the envelope calculation suggests we stop 99.5% of spam (to this non-representative domain) by checks that I wouldn't particularly regard as unusual, and are server wide.

Possibly Eclipse don't do Greylisting if you switch off spam filtering, but they could readily still be stopping over 95% of spam before they even consider applying a specific "filter".

Propagation of email addresses to spammers (and malware) is erratic and unpredictable. Putting your email in a vCard on your website attracts far less spam than, say, one post to Usenet. One entry in an "AUTHORS" file on a free software package is worth a shed load of Windows viruses any time another email-borne nasty hits the Outlook Express users of the world.

Some ISP staff have been caught selling mail logs to spammers. Sometimes someone with an email from you gets a virus on their PC, and then your email address ends up on every PC that virus emails using your address, and then propagates with the virus in some cases.
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
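
The layered checks described in the message above (block lists, HELO sanity, sender-domain existence, then greylisting), sketched as an added example that is not part of the original post or the author's server configuration. The DNSBL and DNS lookups are replaced by constructed sets, and every address, host name and the 300-second greylist delay is an assumption.

```python
from collections import Counter

# Constructed stand-ins (documentation IP ranges), not real lookups.
BLOCKLISTED = {"203.0.113.7"}                      # stand-in for a DNSBL query
EXISTING_DOMAINS = {"example.org", "example.net"}  # stand-in for a DNS lookup
GREYLIST_DELAY = 300   # assumed: seconds before a retried triplet is accepted
OUR_NAME = "mx.example.com"                        # hypothetical receiving host

def helo_ok(helo, our_name=OUR_NAME):
    """HELO sanity: must look like an FQDN or a bracketed address literal."""
    h = helo.lower().rstrip(".")
    if h == our_name:                   # a remote host claiming to be us
        return False
    if h.replace(".", "").isdigit():    # bare IP; RFC 5321 requires [brackets]
        return False
    return "." in h                     # rejects "localhost", "PC", etc.

def classify(attempt, seen):
    """Verdict for one SMTP attempt; cheapest checks run first."""
    ip, helo, sender, rcpt, ts = attempt
    if ip in BLOCKLISTED:
        return "blocklist"
    if not helo_ok(helo):
        return "helo"
    # The null sender (bounces) has no domain to check, so it is skipped here.
    if sender and sender.rpartition("@")[2].lower() not in EXISTING_DOMAINS:
        return "sender-domain"
    # Greylisting: temp-fail a new (ip, sender, recipient) triplet with a 4xx
    # and accept only when the same triplet retries after the delay.
    first = seen.setdefault((ip, sender.lower(), rcpt.lower()), ts)
    if ts - first < GREYLIST_DELAY:
        return "greylist-tempfail"
    return "accept"

def tally(attempts):
    seen = {}   # first-seen time per triplet; attempts must be in time order
    return Counter(classify(a, seen) for a in attempts)

RCPT = "user@example.com"
SAMPLE = [  # constructed: (client_ip, helo, mail_from, rcpt_to, unix_seconds)
    ("203.0.113.7", "mail.example.org", "a@example.org", RCPT, 0),
    ("198.51.100.5", "localhost", "b@example.org", RCPT, 10),
    ("198.51.100.6", "mx.example.com", "b@example.org", RCPT, 15),
    ("198.51.100.8", "smtp.nowhere.invalid", "c@nowhere.invalid", RCPT, 20),
    ("192.0.2.10", "out.example.net", "d@example.net", RCPT, 30),
    ("192.0.2.20", "bulk.example.org", "e@example.org", RCPT, 50),   # never retries
    ("192.0.2.10", "out.example.net", "d@example.net", RCPT, 60),    # retry too soon
    ("192.0.2.10", "out.example.net", "d@example.net", RCPT, 400),   # retry after delay
]
```

Calling `tally(SAMPLE)` gives the per-check breakdown for the constructed attempts. A production greylist would also expire old triplets, which this sketch leaves out.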